Solved: Re: Windows 10 PCs Not Able To Access The Internet Dns Issue

moman62 · ‎10-12-2018

I am using a Cisco 2811 router and a Cisco 3750g switch. I have configure router for dhcp and nat/pat. My pc's were able to receive IP Addresses but cannot access the internet. I have setup the default route, Standard ACL, and overload which seem to be working on the router side.

My issue is that the PC's were able to access the internet prior to yesterday when this all started happening. I contacted my ISP and they checked/verified my static ip's dns, rebooted the internet router and informed me that the packets are being sent but not reaching. I can ping my gateway but not dns?

moman62 · ‎10-14-2018

After spending all day on this issue, I checked my ACL and saw that I had NAT overload pointing to my Inside address instead of my Outside address. Once I made the change did a shutdown on int fa0/0 and fa0/1 and then did a no-shut on each all started working.

Thanks for your help and patience.

View solution in original post

Alex Pfeil · ‎10-12-2018

Please post configuration on router. DNS is public IP?

moman62 · ‎10-12-2018

Error message From Win 10 PC's: Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding

ip dhcp excluded-address 192.168.1.1 192.168.1.49

ip dhcp pool TESTLAB
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 4.2.2.2

interface FastEthernet0/0 - INSIDE NAT
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto

interface FastEthernet0/1 - OUTSIDE NAT
ip address 80.80.72.219 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

ip access-list standard MYLABS
permit 192.168.1.0 0.0.0.255

ip nat inside source list MYLABS interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 80.80.72.217

Gateway of last resort is 76.80.72.217 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 80.80.72.217
80.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 80.80.72.216/29 is directly connected, FastEthernet0/1
L 80.80.72.219/32 is directly connected, FastEthernet0/1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/0
L 192.168.1.1/32 is directly connected, FastEthernet0/0

moman62 · ‎10-12-2018

see attached file:

moman62 · ‎10-12-2018

I also used the (2) DNS given by my ISP

balaji.bandi · ‎10-13-2018

You have not explained how is your Switch connected to 2811 router.

you can do quick test from router connected to ISP

1. can you able to ping 8.8.8.8 from 2811

2. From PC do nslookup and see the domain is resolvable example google.com

nslookup google.com

3. from PC you able ping 8.8.8.8 ?

ping -t 8.8.8.8

when you doing ping see in router is the nat xlate output ? and post the errors and tests

finally post show version of both the devices and log messages.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

moman62 · ‎10-13-2018

Ping & NSLookup From PC:

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>
C:\>
C:\>
C:\>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 209.18.47.61

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

2811 Router Info:

Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 14-Jun-11 18:17 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1)

RT1LAB#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Fas 0/0 165 S I WS-C3750G Gig 3/0/47

IP DHCP Binding:

RT1LAB#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
192.168.1.50 0063.6973.636f.2d30. Oct 14 2018 03:56 PM Automatic
3032.342e.6637.3832.
2e35.6663.302d.566c.
31
192.168.1.51 014c.cc6a.f6e2.09 Oct 14 2018 04:10 PM Automatic
192.168.1.53 0168.1ca2.129c.20 Oct 14 2018 04:10 PM Automatic
192.168.1.54 0170.85c2.4f86.1b Oct 14 2018 04:37 PM Automatic
RT1LAB#

Ping From 2811 Router:

RT1LAB(config)# exit
RT1LAB#
*Oct 13 16:34:39.099: %SYS-5-CONFIG_I: Configured from console by console
RT1LAB#
RT1LAB#
RT1LAB#
RT1LAB#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms
RT1LAB#
RT1LAB#
RT1LAB#ping 8.8.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/19/24 ms
RT1LAB#

moman62 · ‎10-13-2018

RT1LAB#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.1:59212 192.168.1.51:59212 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:59212 192.168.1.51:59212 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:49750 192.168.1.53:49750 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:52974 192.168.1.53:52974 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:52974 192.168.1.53:52974 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:53513 192.168.1.53:53513 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:53513 192.168.1.53:53513 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:59089 192.168.1.53:59089 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:59089 192.168.1.53:59089 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:60095 192.168.1.53:60095 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:60095 192.168.1.53:60095 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:61865 192.168.1.53:61865 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:61865 192.168.1.53:61865 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:64573 192.168.1.53:64573 209.18.47.61:53 209.18.47.61:53
udp 192.168.1.1:64573 192.168.1.53:64573 209.18.47.62:53 209.18.47.62:53
udp 192.168.1.1:49447 192.168.1.54:49447 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:49447 192.168.1.54:49447 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:52819 192.168.1.54:52819 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:52819 192.168.1.54:52819 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:58473 192.168.1.54:58473 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:58473 192.168.1.54:58473 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:60031 192.168.1.54:60031 8.8.4.4:53 8.8.4.4:53
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.1:60031 192.168.1.54:60031 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:62186 192.168.1.54:62186 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:62186 192.168.1.54:62186 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:62428 192.168.1.54:62428 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:62428 192.168.1.54:62428 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:62838 192.168.1.54:62838 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:62838 192.168.1.54:62838 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.1:62881 192.168.1.54:62881 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.1:62881 192.168.1.54:62881 8.8.8.8:53 8.8.8.8:53
RT1LAB#

Ping From Router To PC:

RT1LAB#ping 192.168.1.54
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.54, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
RT1LAB#

balaji.bandi · ‎10-13-2018

After your looking your configs and output, your router have connection to internet

Looks like your NAT not working.

Lets have quick test NAT part. and change simple config change.

CHANGE THE CONFIG AS BELOW for testing.

=============================

interface FastEthernet0/0
no ip virtual-reassembly in

ip virtual-reassembly
interface FastEthernet0/1
no ip virtual-reassembly in

ip virtual-reassembly
also config ip name-server for testing

ip name-server 8.8.8.8 <-- your ISP name server

once config change done.

From router 2811 you should able to ping yahoo.com <-- paste this output in the forum

if that works, ping using source interface using internal interface.

ping yahoo.com source fa 0/0 - now your NAT Translation should work.

If this is working, check from PC also.

if all fails, post full configuration of router and Switch.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

moman62 · ‎10-14-2018

do you mean my isp's dns for name-server? I don't understand? can you give me a better example?

balaji.bandi · ‎10-14-2018

This configuration need to be configure in router : ( along with other changes i have suggested on other post).

ip name-server 8.8.8.8 - you start with config (since you confirmed you able to reach 8.8.8.8 from router).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

moman62 · ‎10-14-2018

After spending all day on this issue, I checked my ACL and saw that I had NAT overload pointing to my Inside address instead of my Outside address. Once I made the change did a shutdown on int fa0/0 and fa0/1 and then did a no-shut on each all started working.

Thanks for your help and patience.

balaji.bandi · ‎10-14-2018

Good catch - some time small things misses while we doing diagnosis the problems.

Glad all working as expected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help